Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/zqwRhG5bKyfjXODoMnoVYVQRK-A.roa
File:                     zqwRhG5bKyfjXODoMnoVYVQRK-A.roa (raw, json)
Hash identifier:          Ll0ZjNMxqZPKZ09kNVIUBNB6IJukuqml3Dml0KoYmKs=
Subject key identifier:   CE:AC:11:84:6E:5B:2B:27:E3:5C:E0:E8:32:7A:15:61:54:11:2B:E0
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       0194B1122F620FBDF8987E04DC248B6BE064
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/zqwRhG5bKyfjXODoMnoVYVQRK-A.roa
Signing time:             Wed 29 Jan 2025 07:59:06 +0000
ROA not before:           Wed 29 Jan 2025 07:59:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        46.8.184.0/23 maxlen: 24
                          46.8.186.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 09:43:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b1:12:2f:62:0f:bd:f8:98:7e:04:dc:24:8b:6b:e0:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan 29 07:59:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ceac11846e5b2b27e35ce0e8327a156154112be0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:cb:d7:e9:e2:79:1e:aa:8e:43:5e:41:db:cb:
                    b2:98:38:fe:a2:10:04:97:0a:22:74:ba:d5:04:dd:
                    be:12:6f:09:fd:57:62:2b:7f:15:0a:3b:e0:46:49:
                    a4:6a:d0:41:33:3b:f5:29:95:28:99:39:93:76:af:
                    73:83:10:82:67:99:db:80:3d:38:aa:b4:2f:1a:46:
                    0c:f2:c8:f1:75:1e:c1:11:f3:ba:73:f9:70:7d:5b:
                    c8:02:bf:fb:6b:40:5d:27:89:79:f7:b0:cb:32:de:
                    d4:47:28:39:21:8d:d3:e9:9c:17:34:48:da:27:16:
                    bb:1d:3a:c2:e3:8c:32:57:d6:fa:cf:c7:eb:8e:60:
                    00:bd:96:0f:eb:42:ad:c2:3b:bc:f6:8e:08:a5:f1:
                    2d:59:fe:41:58:78:33:a9:12:fe:51:02:70:fb:8e:
                    39:bc:24:6d:62:14:fe:a3:9a:f8:45:3e:84:93:74:
                    e5:fd:e1:03:7f:dc:6a:64:32:d7:3f:f8:3f:47:07:
                    d9:cf:17:6e:3c:76:42:b7:27:55:a5:eb:f3:63:ae:
                    3b:89:77:96:fd:ec:15:82:bb:3e:2e:4e:12:4a:2a:
                    71:2d:85:b9:d0:1c:11:62:b2:af:2e:3b:71:a0:6b:
                    df:f7:4e:68:43:bd:0d:43:f1:59:94:40:98:1f:37:
                    fd:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:AC:11:84:6E:5B:2B:27:E3:5C:E0:E8:32:7A:15:61:54:11:2B:E0
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/zqwRhG5bKyfjXODoMnoVYVQRK-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:78:83:05:fa:d1:20:5e:d6:c7:41:9d:f2:04:fb:d8:c1:8a:
         9d:18:1d:6c:96:88:34:49:bb:9a:09:97:72:fe:51:5b:6f:f2:
         ea:24:95:0f:7a:88:e5:df:68:8e:58:8f:85:27:f1:99:cf:f8:
         b4:0c:87:2f:61:6b:0a:bf:1b:a7:61:18:51:3f:d8:70:3a:91:
         7e:7d:99:e6:af:4a:6b:21:dc:2a:b7:e9:2c:2d:d0:6e:44:86:
         ca:9c:3d:04:06:a1:70:1c:56:a8:97:70:a5:c7:90:6e:21:ae:
         cb:71:13:be:9c:6a:79:6a:15:53:ca:76:04:f0:52:d9:3f:72:
         ea:f0:ad:c6:52:6f:94:8f:17:ba:61:8d:51:9e:3b:37:06:fc:
         79:76:2a:03:be:83:f2:ac:8f:74:ec:32:e2:43:8e:1c:78:a4:
         b1:c7:43:e6:37:2b:40:8f:45:38:f5:08:6c:33:fc:cb:b8:07:
         8b:b3:65:01:39:fc:71:30:cc:20:31:f5:a5:31:02:1a:70:48:
         5e:41:be:e5:6f:d4:f2:a9:36:80:da:21:f4:82:45:bc:2d:97:
         7a:19:a4:49:07:55:49:03:08:79:76:bf:e8:85:03:c3:b4:a6:
         74:45:62:bd:35:0f:f0:c7:fd:80:20:2a:ef:dd:c0:b5:ab:46:
         d1:8e:4c:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSxEi9iD734mH4E3CSLa+BkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwMTI5MDc1OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWFjMTE4NDZlNWIyYjI3ZTM1Y2UwZTgzMjdhMTU2MTU0MTEyYmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8vX6eJ5HqqOQ15B28uymDj+ohAE
lwoidLrVBN2+Em8J/VdiK38VCjvgRkmkatBBMzv1KZUomTmTdq9zgxCCZ5nbgD04
qrQvGkYM8sjxdR7BEfO6c/lwfVvIAr/7a0BdJ4l597DLMt7URyg5IY3T6ZwXNEja
Jxa7HTrC44wyV9b6z8frjmAAvZYP60Ktwju89o4IpfEtWf5BWHgzqRL+UQJw+445
vCRtYhT+o5r4RT6Ek3Tl/eEDf9xqZDLXP/g/RwfZzxduPHZCtydVpevzY647iXeW
/ewVgrs+Lk4SSipxLYW50BwRYrKvLjtxoGvf905oQ70NQ/FZlECYHzf9CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6sEYRuWysn41zg6DJ6FWFUESvgMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvenF3UmhHNWJLeWZqWE9Eb01ub1ZZVlFSSy1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLgi4MA0G
CSqGSIb3DQEBCwUAA4IBAQALeIMF+tEgXtbHQZ3yBPvYwYqdGB1slog0SbuaCZdy
/lFbb/LqJJUPeojl32iOWI+FJ/GZz/i0DIcvYWsKvxunYRhRP9hwOpF+fZnmr0pr
Idwqt+ksLdBuRIbKnD0EBqFwHFaol3Clx5BuIa7LcRO+nGp5ahVTynYE8FLZP3Lq
8K3GUm+Ujxe6YY1Rnjs3Bvx5dioDvoPyrI907DLiQ44ceKSxx0PmNytAj0U49Qhs
M/zLuAeLs2UBOfxxMMwgMfWlMQIacEheQb7lb9TyqTaA2iH0gkW8LZd6GaRJB1VJ
Awh5dr/ohQPDtKZ0RWK9NQ/wx/2AICrv3cC1q0bRjkyq
-----END CERTIFICATE-----